GODT-1155 Update gopenpgp and use go-srp

2025-12-17 15:46:44 +00:00 · 2021-05-14 09:36:48 +02:00
parent c69239ca16
commit a2029002c4
40 changed files with 257 additions and 603 deletions
--- a/pkg/pmapi/attachments_test.go
+++ b/pkg/pmapi/attachments_test.go
@ -33,16 +33,24 @@ import (

 	pmmime "github.com/ProtonMail/proton-bridge/pkg/mime"

-	a "github.com/stretchr/testify/assert"
-	r "github.com/stretchr/testify/require"
+	"github.com/stretchr/testify/require"
 )

+const testAttachmentCleartext = `cc,
+dille.
+`
+
+// Attachment cleartext encrypted with testPrivateKeyRing.
+const testKeyPacket = `wcBMA0fcZ7XLgmf2AQf/cHhfDRM9zlIuBi+h2W6DKjbbyIHMkgF6ER3JEvn/tSruUH8KTGt0N7Z+a80FFMCuXn1Y1I/nW7MVrNhGuJZAF4OymD8ugvuoAMIQX0eCYEpPXzRIWJBZg82AuowmFMsv8Dgvq4bTZq4cttI3CZcxKUNXuAearmNpmgplUKWj5USmRXK4iGB3VFGjidXkxbElrP4fD5A/rfEZ5aJgCsegqcXxX3MEjWXi9pFzgd/9phOvl1ZFm9U9hNoVAW3QsgmVeihnKaDZUyf2Qsigij21QKAUxw9U3y89eTUIqZAcmIgqeDujA3RWBgJwjtY/lOyhEmkf3AWKzehvf1xtJmCWDg==`
+const testDataPacket = `0ksB6S4f4l8C1NB8yzmd/jNi0xqEZsyTDLdTP+N4Qxh3NZjla+yGRvC9rGmoUL7XVyowsG/GKTf2LXF/5E5FkX/3WMYwIv1n11ExyAE=`
+
 var testAttachment = &Attachment{
 	ID:         "y6uKIlc2HdoHPAwPSrvf7dXoZNMYvBgxshYUN67cY5DJjL2O8NYewuvGHcYvCfd8LpEoAI_GdymO0Jr0mHlsEw==",
 	Name:       "croutonmail.txt",
 	Size:       77,
 	MIMEType:   "text/plain",
-	KeyPackets: "wcBMA0fcZ7XLgmf2AQgAiRsOlnm1kSB4/lr7tYe6pBsRGn10GqwUhrwU5PMKOHdCgnO12jO3y3CzP0Yl/jGhAYja9wLDqH8X0sk3tY32u4Sb1Qe5IuzggAiCa4dwOJj5gEFMTHMzjIMPHR7A70XqUxMhmILye8V4KRm/j4c1sxbzA1rM3lYBumQuB5l/ck0Kgt4ZqxHVXHK5Q1l65FHhSXRj8qnunasHa30TYNzP8nmBA8BinnJxpiQ7FGc2umnUhgkFtjm5ixu9vyjr9ukwDTbwAXXfmY+o7tK7kqIXJcmTL6k2UeC6Mz1AagQtRCRtU+bv/3zGojq/trZo9lom3naIeQYa36Ketmcpj2Qwjg==",
+	KeyPackets: testKeyPacket,
+
 	Header: textproto.MIMEHeader{
 		"Content-Description": {"You'll never believe what's in this text file"},
 		"X-Mailer":            {"Microsoft Outlook 15.0", "Microsoft Live Mail 42.0"},
@ -50,12 +58,13 @@ var testAttachment = &Attachment{
 	MessageID: "h3CD-DT7rLoAw1vmpcajvIPAl-wwDfXR2MHtWID3wuQURDBKTiGUAwd6E2WBbS44QQKeXImW-axm6X0hAfcVCA==",
 }

+// Part of GET /mail/messages/{id} response from server.
 const testAttachmentJSON = `{
    "ID": "y6uKIlc2HdoHPAwPSrvf7dXoZNMYvBgxshYUN67cY5DJjL2O8NYewuvGHcYvCfd8LpEoAI_GdymO0Jr0mHlsEw==",
    "Name": "croutonmail.txt",
    "Size": 77,
    "MIMEType": "text/plain",
-    "KeyPackets": "wcBMA0fcZ7XLgmf2AQgAiRsOlnm1kSB4/lr7tYe6pBsRGn10GqwUhrwU5PMKOHdCgnO12jO3y3CzP0Yl/jGhAYja9wLDqH8X0sk3tY32u4Sb1Qe5IuzggAiCa4dwOJj5gEFMTHMzjIMPHR7A70XqUxMhmILye8V4KRm/j4c1sxbzA1rM3lYBumQuB5l/ck0Kgt4ZqxHVXHK5Q1l65FHhSXRj8qnunasHa30TYNzP8nmBA8BinnJxpiQ7FGc2umnUhgkFtjm5ixu9vyjr9ukwDTbwAXXfmY+o7tK7kqIXJcmTL6k2UeC6Mz1AagQtRCRtU+bv/3zGojq/trZo9lom3naIeQYa36Ketmcpj2Qwjg==",
+    "KeyPackets": "` + testKeyPacket + `",
    "Headers": {
        "content-description": "You'll never believe what's in this text file",
        "x-mailer": [
@ -66,68 +75,66 @@ const testAttachmentJSON = `{
 }
 `

-const testAttachmentCleartext = `cc,
-dille.
-`
-
-const testAttachmentEncrypted = `wcBMA0fcZ7XLgmf2AQf/cHhfDRM9zlIuBi+h2W6DKjbbyIHMkgF6ER3JEvn/tSruUH8KTGt0N7Z+a80FFMCuXn1Y1I/nW7MVrNhGuJZAF4OymD8ugvuoAMIQX0eCYEpPXzRIWJBZg82AuowmFMsv8Dgvq4bTZq4cttI3CZcxKUNXuAearmNpmgplUKWj5USmRXK4iGB3VFGjidXkxbElrP4fD5A/rfEZ5aJgCsegqcXxX3MEjWXi9pFzgd/9phOvl1ZFm9U9hNoVAW3QsgmVeihnKaDZUyf2Qsigij21QKAUxw9U3y89eTUIqZAcmIgqeDujA3RWBgJwjtY/lOyhEmkf3AWKzehvf1xtJmCWDtJLAekuH+JfAtTQfMs5nf4zYtMahGbMkwy3Uz/jeEMYdzWY5WvshkbwvaxpqFC+11cqMLBvxik39i1xf+RORZF/91jGMCL9Z9dRMcgB`
-
-const testCreateAttachmentBody = `{
+// POST /mail/attachment/ response from server.
+const testCreatedAttachmentBody = `{
    "Code": 1000,
    "Attachment": {"ID": "y6uKIlc2HdoHPAwPSrvf7dXoZNMYvBgxshYUN67cY5DJjL2O8NYewuvGHcYvCfd8LpEoAI_GdymO0Jr0mHlsEw=="}
 }`

 func TestAttachment_UnmarshalJSON(t *testing.T) {
+	r := require.New(t)
 	att := new(Attachment)
 	err := json.Unmarshal([]byte(testAttachmentJSON), att)
-	r.NoError(t, err)
+	r.NoError(err)

-	att.MessageID = testAttachment.MessageID // This isn't in the JSON object
+	att.MessageID = testAttachment.MessageID // This isn't in the server response

-	r.Equal(t, testAttachment, att)
+	r.Equal(testAttachment, att)
 }

 func TestClient_CreateAttachment(t *testing.T) {
+	r := require.New(t)
 	s, c := newTestClient(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		r.NoError(t, checkMethodAndPath(req, "POST", "/mail/v4/attachments"))
+		r.NoError(checkMethodAndPath(req, "POST", "/mail/v4/attachments"))

 		contentType, params, err := pmmime.ParseMediaType(req.Header.Get("Content-Type"))
-		r.NoError(t, err)
-		r.Equal(t, "multipart/form-data", contentType)
+		r.NoError(err)
+		r.Equal("multipart/form-data", contentType)

 		mr := multipart.NewReader(req.Body, params["boundary"])
 		form, err := mr.ReadForm(10 * 1024)
-		r.NoError(t, err)
-		defer r.NoError(t, form.RemoveAll())
+		r.NoError(err)
+		defer r.NoError(form.RemoveAll())

-		r.Equal(t, testAttachment.Name, form.Value["Filename"][0])
-		r.Equal(t, testAttachment.MessageID, form.Value["MessageID"][0])
-		r.Equal(t, testAttachment.MIMEType, form.Value["MIMEType"][0])
+		r.Equal(testAttachment.Name, form.Value["Filename"][0])
+		r.Equal(testAttachment.MessageID, form.Value["MessageID"][0])
+		r.Equal(testAttachment.MIMEType, form.Value["MIMEType"][0])

 		dataFile, err := form.File["DataPacket"][0].Open()
-		r.NoError(t, err)
-		defer r.NoError(t, dataFile.Close())
+		r.NoError(err)
+		defer r.NoError(dataFile.Close())

 		b, err := ioutil.ReadAll(dataFile)
-		r.NoError(t, err)
-		r.Equal(t, testAttachmentCleartext, string(b))
+		r.NoError(err)
+		r.Equal(testAttachmentCleartext, string(b))

 		w.Header().Set("Content-Type", "application/json")

-		fmt.Fprint(w, testCreateAttachmentBody)
+		fmt.Fprint(w, testCreatedAttachmentBody)
 	}))
 	defer s.Close()

 	reader := strings.NewReader(testAttachmentCleartext) // In reality, this thing is encrypted
 	created, err := c.CreateAttachment(context.Background(), testAttachment, reader, strings.NewReader(""))
-	r.NoError(t, err)
+	r.NoError(err)

-	r.Equal(t, testAttachment.ID, created.ID)
+	r.Equal(testAttachment.ID, created.ID)
 }

 func TestClient_GetAttachment(t *testing.T) {
+	r := require.New(t)
 	s, c := newTestClient(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-		r.NoError(t, checkMethodAndPath(req, "GET", "/mail/v4/attachments/"+testAttachment.ID))
+		r.NoError(checkMethodAndPath(req, "GET", "/mail/v4/attachments/"+testAttachment.ID))

 		w.Header().Set("Content-Type", "application/json")
 		fmt.Fprint(w, testAttachmentCleartext)
@ -135,39 +142,61 @@ func TestClient_GetAttachment(t *testing.T) {
 	defer s.Close()

 	att, err := c.GetAttachment(context.Background(), testAttachment.ID)
-	r.NoError(t, err)
+	r.NoError(err)
 	defer att.Close() //nolint[errcheck]

 	// In reality, r contains encrypted data
 	b, err := ioutil.ReadAll(att)
-	r.NoError(t, err)
+	r.NoError(err)

-	r.Equal(t, testAttachmentCleartext, string(b))
+	r.Equal(testAttachmentCleartext, string(b))
 }

-func TestAttachment_Encrypt(t *testing.T) {
-	data := bytes.NewBufferString(testAttachmentCleartext)
-	r, err := testAttachment.Encrypt(testPublicKeyRing, data)
-	a.Nil(t, err)
-	b, err := ioutil.ReadAll(r)
-	a.Nil(t, err)
+func TestAttachmentDecrypt(t *testing.T) {
+	r := require.New(t)

-	// Result is always different, so the best way is to test it by decrypting again.
-	// Another test for decrypting will help us to be sure it's working.
-	dataEnc := bytes.NewBuffer(b)
-	decryptAndCheck(t, dataEnc)
+	rawKeyPacket, err := base64.StdEncoding.DecodeString(testKeyPacket)
+	r.NoError(err)
+
+	rawDataPacket, err := base64.StdEncoding.DecodeString(testDataPacket)
+	r.NoError(err)
+
+	decryptAndCheck(r, bytes.NewBuffer(append(rawKeyPacket, rawDataPacket...)))
 }

-func TestAttachment_Decrypt(t *testing.T) {
-	dataBytes, _ := base64.StdEncoding.DecodeString(testAttachmentEncrypted)
-	dataReader := bytes.NewBuffer(dataBytes)
-	decryptAndCheck(t, dataReader)
+func TestAttachmentEncrypt(t *testing.T) {
+	r := require.New(t)
+
+	encryptedReader, err := testAttachment.Encrypt(
+		testPublicKeyRing,
+		bytes.NewBufferString(testAttachmentCleartext),
+	)
+	r.NoError(err)
+
+	// The result is always different due to session key. The best way is to
+	// test result of encryption by decrypting again acn coparet to cleartext.
+	decryptAndCheck(r, encryptedReader)
 }

-func decryptAndCheck(t *testing.T, data io.Reader) {
-	r, err := testAttachment.Decrypt(data, testPrivateKeyRing)
-	a.Nil(t, err)
-	b, err := ioutil.ReadAll(r)
-	a.Nil(t, err)
-	a.Equal(t, testAttachmentCleartext, string(b))
+func decryptAndCheck(r *require.Assertions, data io.Reader) {
+	// First separate KeyPacket from encrypted data. In our case keypacket
+	// has 271 bytes.
+	raw, err := ioutil.ReadAll(data)
+	r.NoError(err)
+	rawKeyPacket := raw[:271]
+	rawDataPacket := raw[271:]
+
+	// KeyPacket is retrieve by get GET /mail/messages/{id}
+	haveAttachment := &Attachment{
+		KeyPackets: base64.StdEncoding.EncodeToString(rawKeyPacket),
+	}
+
+	// DataPacket is received from GET /mail/attachments/{id}
+	decryptedReader, err := haveAttachment.Decrypt(bytes.NewBuffer(rawDataPacket), testPrivateKeyRing)
+	r.NoError(err)
+
+	b, err := ioutil.ReadAll(decryptedReader)
+	r.NoError(err)
+
+	r.Equal(testAttachmentCleartext, string(b))
 }